Re: Auto-Enrollment of Certificates
From: Priya (Priya_at_discussions.microsoft.com)
Date: 01/14/05
- Next message: Pavel Lebedinsky: "Re: Security hole? - domain vs local user."
- Previous message: Priya: "Re: Auto-Enrollment of Certificates"
- In reply to: Michiko Short [MSFT]: "Re: Auto-Enrollment of Certificates"
- Next in thread: Michiko Short [MSFT]: "Re: Auto-Enrollment of Certificates"
- Reply: Michiko Short [MSFT]: "Re: Auto-Enrollment of Certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 13 Jan 2005 17:09:01 -0800
Thanks Michiko for you reply.
What I understood from your reply is that I need to have an Active Directory
environment in my Windows XP OS and for that I need to install the
Administration Tools Pack (Adminpak.msi). Correct me if I am wrong. Could you
please tell me from where can i install this Administration Tools Pack?
And as you have mentioned "Auto-enrollment cannot be used to get certs from
third party CAs. If you wanted to use autoenrollment with the Verisign
hiearchy then you would need to work with Verisign and deploy a Windows
Server 2003 subordinate CA in your environment."
After reading the white paper, especially - "Automatic enrollment of user
certificates provides a quick and simple way to issue certificates to users
and to enable public key infrastructure (PKI) applications, such as smart
card logon, Encrypting File System (EFS), Secure Sockets Layer (SSL),
Secure/Multipurpose Internet Mail Extension (S/MIME), and others, within an
Active Directory directory service environment." So, i thought instead of
getting certificates from third party CAs, we can get the certificates by
using this. Please let me know if i am correct in thinking this.
Please note: This all is in context to making a custom CSP.
Thanks in advance.
Regards,
Priya.
"Michiko Short [MSFT]" wrote:
> Priya,
> First, to answer your question about why you cannot see the Certificate
> Templates snap-in. This is a Active Directory configuration, so assuming
> your Windows XP system is part of an Active Directory environment, you need
> to install the Administration Tools Pack (Adminpak.msi).
>
> This whitepaper describes how to use auto-enrollment with Windows Server
> 2003 CAs. For this to work you need to have an Active Directory environment
> using Windows Server 2003 issuing CAs and the workstations must belong to a
> domain. This is explained under "Key Points" in "How Autoenrollment Works".
>
> Auto-enrollment cannot be used to get certs from third party CAs. If you
> wanted to use autoenrollment with the Verisign hiearchy then you would need
> to work with Verisign and deploy a Windows Server 2003 subordinate CA in
> your environment.
>
> Did that answer your questions?
> --
> Michiko Short [MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Please do not send e-mail directly to this alias. This alias is for
> newsgroup purposes only.
>
>
> "Priya" <Priya@discussions.microsoft.com> wrote in message
> news:50FFF9E9-4A82-4A6A-8BD6-A7075D5F3508@microsoft.com...
> > Hello All,
> >
> > Below is a link, which is a white paper for Auto-enrollment of
> > Certificates:
> >
> > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
> >
> > I tried to follow the mentioned steps, but i didnot find Certiifcate
> > template in the 'Add Standalone Snap-In', I can just see Certificates
> > option
> > there. Let me tell you that I have Windows XP OS. So, please let me know
> > how
> > to go about it. Also, I wanted to know if this is an alternative to get
> > the
> > certificates for our CSPs from certain authorized organization like
> > VeriSign.com.
> >
> > Thanks in advance.
> >
> > Regards,
> > Priya.
> >
>
>
>
- Next message: Pavel Lebedinsky: "Re: Security hole? - domain vs local user."
- Previous message: Priya: "Re: Auto-Enrollment of Certificates"
- In reply to: Michiko Short [MSFT]: "Re: Auto-Enrollment of Certificates"
- Next in thread: Michiko Short [MSFT]: "Re: Auto-Enrollment of Certificates"
- Reply: Michiko Short [MSFT]: "Re: Auto-Enrollment of Certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
